-rw-r--r--NEWS3
-rw-r--r--include/mod_gnutls.h.in3
-rw-r--r--src/gnutls_config.c16
-rw-r--r--src/gnutls_hooks.c2
-rw-r--r--src/mod_gnutls.c4
5 files changed, 26 insertions, 2 deletions
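diff --git a/NEWS b/NEWS
index d7bb44f..d5b68b6 100644
--- a/NEWS
+++ b/NEWS
@@ -8,7 +8,8 @@
 - Added support for session tickets. This allows a
 server to avoid using a session cache and still support
 session resumption. This is at the cost of transporting
-session data during handshake.
+session data during handshake. New option
+GnuTLSSessionTickets [on|off]
 
 - Depend on gnutls 2.10.0 to force support for safe
 renegotiation.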
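diff --git a/include/mod_gnutls.h.in b/include/mod_gnutls.h.in
index 40d0c40..5bb8514 100644
--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -109,6 +109,7 @@ typedef struct
 unsigned int ca_list_size;
 int client_verify_mode;
 apr_time_t last_cache_check;
+int tickets; /* whether session tickets are allowed */
 } mgs_srvconf_rec;
 
 typedef struct {
@@ -280,6 +281,8 @@ const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy,
 const char *arg);
 const char *mgs_set_priorities(cmd_parms * parms, void *dummy,
 const char *arg);
+const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
+const char *arg);
 
 const char *mgs_set_require_section(cmd_parms *cmd,
 void *mconfig, const char *arg);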
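Review bot: Nothing in this commit gives the new `tickets` field in `mgs_srvconf_rec` an explicit default or a merge rule; the only change to src/gnutls_config.c is the `mgs_set_tickets` handler. If the server config is zero-allocated (not visible here), tickets become off unless the directive is present, which silently changes behaviour for setups that previously got tickets whenever a ticket key existed. Set the default explicitly where the server config is created and state it in the field comment, e.g. `int tickets; /* 1 if GnuTLSSessionTickets is on, 0 if off; default: <state the default> */`.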
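diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index d75e785..ca26a2d 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -285,6 +285,22 @@ const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
 return NULL;
 }
 
+const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
+const char *arg)
+{
+mgs_srvconf_rec *sc =
+(mgs_srvconf_rec *) ap_get_module_config(parms->server->
+module_config,
+&gnutls_module);
+
+sc->tickets = 0;
+if (strcasecmp("on", arg) == 0) {
+sc->tickets = 1;
+}
+
+return NULL;
+}
+
 
 #ifdef ENABLE_SRP
 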
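Review bot: Any argument other than `on` silently turns tickets off in `mgs_set_tickets`, so a typo or a value such as `yes` or `1` changes the server's TLS resumption behaviour without any configuration error. The handler should accept only `on` and `off` and return an error string for anything else, so that httpd rejects the bad directive at startup instead of running with a setting the administrator did not intend. A short comment above the function naming the directive and its accepted values would also help.

```c
    /* … unchanged: sc lookup via ap_get_module_config … */
    if (strcasecmp("on", arg) == 0) {
        sc->tickets = 1;
    } else if (strcasecmp("off", arg) == 0) {
        sc->tickets = 0;
    } else {
        return "GnuTLSSessionTickets must be set to 'On' or 'Off'";
    }
```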
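diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 2130cb0..032e6f3 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -673,7 +673,7 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c)
 ctxt->output_length = 0;
 
 gnutls_init(&ctxt->session, GNUTLS_SERVER);
-if (session_ticket_key.data != NULL)
+if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0)
 gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key);
 
 /* because we don't set any default priorities here (we set later at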
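Review bot: The new `ctxt->sc->tickets != 0` test runs when the connection handle is created, so it reads whichever server config `ctxt->sc` points to at that moment. If a name-based virtual host is only selected later in the handshake (the context comment about priorities being set later suggests this, but it is not visible here), a per-vhost `GnuTLSSessionTickets off` may not apply to connections for that vhost. This should be confirmed and recorded in a comment above the check, e.g. `/* ticket policy is taken from the connection's base server; the SNI vhost is not known yet */`. The return value of `gnutls_session_ticket_enable_server()` on the following line is still ignored, so a failure to enable tickets is silent. create_gnutls_handle starts and ends outside the hunk.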
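diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index 08e7dba..c95d183 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -121,6 +121,10 @@ static const command_rec mgs_config_cmds[] = {
 NULL,
 RSRC_CONF,
 "Cache Configuration"),
+AP_INIT_TAKE1("GnuTLSSessionTickets", mgs_set_tickets,
+NULL,
+RSRC_CONF,
+"Session Tickets Configuration"),
 AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities,
 NULL,
 RSRC_CONF,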
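Review bot: The help string `"Session Tickets Configuration"` on the new `GnuTLSSessionTickets` entry does not say which values the directive accepts, and it is the text httpd shows when the directive is misused. Something like `"Whether TLS session tickets are offered to clients: 'On' or 'Off'"` would document the option where the administrator sees it. The `mgs_config_cmds` table starts and ends outside the hunk.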